Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.
AnalysisAI
Smart Switch versions prior to 3.7.69.15 contain an exposure of sensitive functionality vulnerability that allows remote attackers to set specific configurations without proper authorization. An unauthenticated attacker can leverage network access to manipulate configuration settings on affected devices, potentially leading to information disclosure and integrity compromise. This vulnerability requires user interaction according to the CVSS vector, suggesting a social engineering or phishing component may be necessary for successful exploitation.
Technical ContextAI
The vulnerability exists in Samsung Smart Switch, a data migration and device management application used across Samsung mobile devices and ecosystem services. The root cause appears to be improper access control mechanisms that fail to adequately restrict configuration modification functions to authorized users. The absence of explicit CWE attribution suggests this may involve multiple contributing factors including authentication bypass or insecure direct object references (IDOR-like patterns). The CVSS 4.0 vector indicates the attack surface is network-accessible with low attack complexity, meaning no special conditions or tool development is required for exploitation. The vulnerable component handles sensitive device configuration settings that should remain protected from unauthorized modification.
RemediationAI
The primary remediation is to upgrade Samsung Smart Switch to version 3.7.69.15 or later immediately. Users can download the latest version from Samsung's official website or through automatic update mechanisms available within the application itself. For environments where immediate patching is not feasible, restrict Smart Switch usage to trusted networks only and disable remote configuration capabilities if such options are available in the application settings. Additionally, monitor Smart Switch logs for unauthorized configuration change attempts and consider restricting which user accounts have permission to execute Smart Switch on shared devices. Organizations managing multiple devices should use Samsung's mobile device management (MDM) solutions to centrally enforce configuration protection and ensure all instances are updated to the patched version.
More in Smart Switch
View allSmart Switch versions prior to 3.7.69.15 contain a replay attack vulnerability in the authentication mechanism that allo
Samsung Smart Switch versions prior to 3.7.69.15 contain an authentication bypass vulnerability that allows unauthentica
A cryptographic downgrade vulnerability in Samsung Smart Switch allows remote attackers to force the application to use
A path traversal vulnerability in Smart Switch (CVSS 7.1) that allows adjacent attackers. High severity vulnerability re
Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network a
A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remedia
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to a
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12307